2 cissp ® Official Study Guide Eighth Edition

808
Chapter 18 
■
Disaster Recovery Planning
General business insurance may not properly cover an organization 
against acts of terrorism. In years past, most policies either covered acts 
of terrorism or didn’t mention them explicitly. After suffering catastrophic 
terrorism-related losses, many insurance companies responded by amend-
ing policies to exclude losses from terrorist activity. Policy riders and 
endorsements are sometimes available but often at extremely high cost. If 
your business continuity or disaster recovery plan includes insurance as a 
means of financial recovery (as it probably should!), you’d be well advised 
to check your policies and contact your insurance professionals to ensure 
that you’re still covered.
Terrorist acts pose a unique challenge to DRP teams because of their unpredictable 
nature. Prior to the September 11, 2001, terrorist attacks, few DRP teams considered the 
threat of an airplane crashing into their corporate headquarters signifi cant enough to merit 
mitigation. Many companies are asking themselves a number of “what if” questions regard-
ing terrorist activity. In general, these questions are healthy because they promote dialogue 
between business elements regarding potential threats. On the other hand, disaster recovery 
planners must emphasize solid risk-management principles and ensure that resources aren’t 
overallocated to terrorist threats to the detriment of other DRP/BCP activities that protect 
against more likely threats.

Download 19,3 Mb.

Do'stlaringiz bilan baham: